From d16ec86d1091abb3a3dfba0987caf6d4b118c7b1 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Fri, 12 Apr 2024 20:18:25 -0400
Subject: [PATCH 1/4] de-hyphenate old mentions of ziti-controller as 'ziti controller'
---
 controller/server/controller.go | 2 +-
 controller/subcmd/init.go | 4 ++--
 doc/001-overview.md | 34 +++++++++++++++++-----------------
 doc/002-local-dev.md | 13 ++++---------
 doc/ops-agent.md | 4 ++--
 quickstart/README.md | 33 ++++++++++++++++-----------------
 6 files changed, 42 insertions(+), 48 deletions(-)
diff --git a/controller/server/controller.go b/controller/server/controller.go
index 1526d2def..8c61349c9 100644
--- a/controller/server/controller.go
+++ b/controller/server/controller.go
@@ -321,7 +321,7 @@ func (c *Controller) checkEdgeInitialized() {
 if admin == nil {
 if !c.AppEnv.GetHostController().IsRaftEnabled() {
- log.Fatal("the Ziti Edge has not been initialized via 'ziti-controller edge init', no default admin exists")
+ log.Fatal("the Ziti Edge has not been initialized via 'ziti controller edge init', no default admin exists")
 }
 if first {
diff --git a/controller/subcmd/init.go b/controller/subcmd/init.go
index e9f6da1ce..214a59379 100644
--- a/controller/subcmd/init.go
+++ b/controller/subcmd/init.go
@@ -63,10 +63,10 @@ func NewEdgeInitializeCmd(versionProvider versions.VersionProvider) *cobra.Comma
 cmd := &cobra.Command{
 Use: "init [-p]",
 Aliases: []string{"initialize"},
- Example: "ziti-controller edge init controller.yml -u admin -p o93wjh5n",
+ Example: "ziti controller edge init controller.yml -u admin -p o93wjh5n",
 Args: func(cmd *cobra.Command, args []string) error {
 if len(args) != 1 {
- return errors.New("config file not specified: ziti-controller edge init ")
+ return errors.New("config file not specified: ziti controller edge init ")
 }
 return nil
diff --git a/doc/001-overview.md b/doc/001-overview.md
index 577e207f8..ab88fce7c 100644
--- a/doc/001-overview.md
+++ b/doc/001-overview.md
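Review bot: The `Example` string in the `controller/subcmd/init.go` hunk still shows the admin password passed as a `-p` value on the command line (`-u admin -p o93wjh5n`), and since the line is being edited anyway this is a good moment to stop teaching that in the help text. A password given as an argument ends up in shell history and is visible in the process list to other local users. `Use: "init [-p]"` marks the flag as optional; if the command prompts when it is omitted (not visible in this hunk), the example could read `Example: "ziti controller edge init controller.yml -u admin",`. The body of NewEdgeInitializeCmd continues outside the hunk.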
@@ -17,11 +17,11 @@ and management of endpoints that make use of the Ziti SDK. The Ziti SDK can be b ingress and egress to the Ziti overlay network as well as to provide application specific networking to an individual application. Enabling the Edge features is optional. -Both the Fabric and Edge features are built into the ziti-controller and ziti-router binaries. +Both the Fabric and Edge features are built into the ziti binary. ## Ziti Controller -The Ziti Controller (ziti-controller) is the main server component of a Ziti environment. It is the first piece of Ziti +The Ziti Controller is the main server component of a Ziti environment. It is the first piece of Ziti that must be setup and configured. The controller houses all the router, service, and management data necessary to run a Ziti environment. There is one, and only one, controller per Ziti environment. 
@@ -49,29 +49,28 @@ Below is an outline of all the applications that are generated from this reposit The following binaries are used to deploy long running servers that route traffic and manage the configuration of a Ziti environment. -| Binary Name | Description| +| Command | Description| |-------------------| -----------| -| ziti-controller | Runs a central server necessary for Ziti environments| -| ziti-router | Runs a server capable of ingress'ing and egress'ing Ziti traffic standalone or as a mesh| +| ziti controller | Runs a central server necessary for Ziti environments| +| ziti router | Runs a server capable of ingress'ing and egress'ing Ziti traffic standalone or as a mesh| ### Tools -The following binaries provide utility or testing functionality. +The following commands provide utility or testing functionality. -| Binary Name | Description| +| Command | Description| |-------------------| -----------| -| ziti-enroller | Provides enrollment processing features for executables that do not directly support enrollment -| ziti-fabric-gw | Provides JSON RCP web service access to Ziti fabric management features -| ziti-fabric-test | The Ziti Fabric Toolbox which is used to test deployed fabric components| +| ziti edge enroll | Provides enrollment processing features for executables that do not directly support enrollment| +| ziti fabric inspect | Observe Ziti Fabric runtime values | ### Management The following binaries are used to configure and manage a Ziti environment via command line interactions. -| Binary Name | Description| +| Command | Description| |-------------------| -----------| -| ziti-fabric | Provides command line access to Ziti Fabric management features| -| ziti | Provides command line access to Ziti management features| +| ziti fabric | Provides command line access to Ziti Fabric management features| +| ziti edge | Provides command line access to Ziti management features| ## Endpoint Clients 
@@ -79,12 +78,13 @@ The following binaries are Ziti endpoint clients which have the Ziti SDK built i edge router. Endpoint clients can be application specific or act as a bridge to other applications, hosts, or underlay networks. -| Binary Name | Description| +| Command | Description| |-------------------| -----------| -| ziti-tunnel | Provides the ability to intercept traffic to route traffic across Ziti| +| ziti tunnel | Provides the ability to intercept traffic to route traffic across Ziti| -All of the above binaries are cross platform compatible, except ziti-tunnel which is currently Linux only. +All of the above binaries are cross platform compatible, except `ziti tunnel` which is currently Linux-only. ## Further Exploration -Continue your OpenZiti exploration in [the next article about getting set up for local development](./002-local-dev.md) and building the apps from source. +Continue your OpenZiti exploration in [the next article about getting set up for local development](./002-local-dev.md) +and building the apps from source. diff --git a/doc/002-local-dev.md b/doc/002-local-dev.md index 4189e5fba..25782443f 100644 --- a/doc/002-local-dev.md +++ b/doc/002-local-dev.md @@ -12,7 +12,7 @@ grep -Po '^go\s+\K\d+\.\d+(\.\d+)?$' go.mod ## Build and Install All Applications -This repo contains several Go applications, e.g. ziti-controller, ziti-router. These applications were reorganized as subcommands of the `ziti` CLI application, so it's no longer necessary to build the discrete binaries. Only the `ziti` CLI is necessary. The easiest way to build and install `ziti` in `${GOPATH}/bin` is: +This repo contains one main Go application, i.e. `ziti` with many subcommands. The easiest way to build and install `ziti` in `${GOPATH}/bin` is: ```bash # build and install ziti CLI 
@@ -23,20 +23,15 @@ If you add `${GOPATH}/bin` to your executable search `${PATH}` then you may imme ```bash $ ziti version -NAME VERSION -ziti v0.0.0 -ziti-controller not installed -ziti-prox-c not installed -ziti-router not installed -ziti-tunnel not installed -ziti-edge-tunnel v0.20.18-local +v0.0.0 ``` -## Build ziti CLI +## Save Build Artifact Elsewhere ```bash # build the binary without installing in GOPATH go build -o ./build/ziti ./ziti/ + # execute the binary ./build/ziti version ``` diff --git a/doc/ops-agent.md b/doc/ops-agent.md index fd66c5668..ca2ba2e6f 100644 --- a/doc/ops-agent.md +++ b/doc/ops-agent.md @@ -64,8 +64,8 @@ Use unix sockets to limit security risk. Only the user on the machine who starte Examples: -1. `ziti-controller --cli-agent-addr unix:/tmp/my-special-agent-file.sock` -2. `ziti-controller --cli-agent-addr tcp:127.0.0.1:10001` +1. `ziti controller --cli-agent-addr unix:/tmp/my-special-agent-file.sock` +2. `ziti controller --cli-agent-addr tcp:127.0.0.1:10001` ### Disabling the Agent diff --git a/quickstart/README.md b/quickstart/README.md index 2c67ed53a..156f1b73f 100644 --- a/quickstart/README.md +++ b/quickstart/README.md 
@@ -6,27 +6,27 @@ simple networks. As with any solution it is common for additional changes to the after expanding beyond the initial setup. There are three different modes contained in these folders. One mode allows you very quickly get setup and -run the two main components of a OpenZiti network: ziti-controller and ziti-router. The [Express](#express) +run the two main components of a OpenZiti network: ziti-controller and ziti-router. The [Express](#express) configuration will guide you here. The remaining two modes all use [docker](https://docs.docker.com/get-started/) to establish environments. The first of the docker-based quickstarts uses [docker-compose](https://docs.docker.com/compose/). You will find a fully defined OpenZiti Network in a compose file which should allow you to understand better and learn how multiple routers can be linked to form a mesh network or serve as an initial -template to build your own compose file from. +template to build your own compose file. Lastly, you can choose to run [docker](https://docs.docker.com/get-started/) directly. This mode is necessarily more verbose but should you prefer to not use docker-compose it can also illustrate how to establish -a OpenZiti Network piece by piece. +an OpenZiti Network piece by piece. ## Prerequisites ### Bash -All of these quickstarts will use bash. On MacOS/linux this will be natural however on Windows you'll want +All of these quickstarts will use bash. On MacOS/Linux this will be natural however on Windows you'll want to ensure you have a suitable shell. There are numerous shells available but perhaps the simplest will be -to use [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/install-win10). You -might also use git-bash, cygwin, or any other bash shell you fancy. +to use [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/install-win10). You +might also use git-bash, Cygwin, or any other bash shell you fancy. 
### Docker/Docker Compose 
@@ -51,40 +51,39 @@ The express install script will do quite a few things to get you bootstrapped. 1. create a full suite of PKI 1. create a config file for the controller 1. create a config file for an edge router -1. download the latest distribution of ziti from github.com/openziti/ziti/releases +1. download the latest distribution of Ziti from github.com/openziti/ziti/releases 1. unzip the distribution -1. start the `ziti-controller` and `ziti-router` executables -1. the `ziti-controller` should now be exposed on https://$(hostname):1280 +1. start the controller and router in the background +1. expose the controller on https://$(hostname):1280 ## Docker - Compose -The [docker-compose](https://docs.docker.com/compose/) based example will create numerous `ziti-router`s +The [docker-compose](https://docs.docker.com/compose/) based example will create numerous `ziti-router`s as well as spooling up a `ziti-controller` and expose the controller on port 1280. This configuration is intended to look and feel like the following image: ![image info](./docker-compose-nw.svg) Here, a simple OpenZiti Network is shown which contains two public OpenZiti Edge Routers, one router without the "edge" enabled and usable only for transit, and two private edge routers: one blue, one red. The goal with this setup is to attempt to -have a single isolated service that is not accessible from outside of the blue network (as best as possible with +have a single isolated service that is not accessible from outside of the blue network (as best as possible with only docker). ## Docker - No Compose -You can still startup a dev environment easily with [docker](https://docs.docker.com/get-started/) only. In this example -you will start a OpenZiti Controller as well as a single OpenZiti Edge Router. +You can still start up a dev environment easily with [docker](https://docs.docker.com/get-started/) only. 
In this example, +you will start an OpenZiti Controller as well as a single OpenZiti Edge Router. ### Prerequisite -Since the openziti project is all about creating overlay networks - it's important for the docker containers to be -able to communicate to one another. This is accomplished using a docker network and setting the alias of the container -on that docker network. +The Docker containers must be able to communicate with one another. This is accomplished using a Docker network and +setting the alias of the container on that Docker network. Before running the commands below please do the following: #declare a variable that defines the 'network' zitinw="myZitiNetwork" - #declare a fully qualified path to the location you want your shared files to go and create it + #declare a fully qualified path to the location that you want your shared files to go and create it zitinw_shared="${HOME}/.ziti/dockerenvs/${zitinw}" mkdir -p "${zitinw_shared}" From 0f84d7c7d76bee9decacb48cd0b822ea9b9ef0dc Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Mon, 22 Apr 2024 17:13:36 -0400 Subject: [PATCH 2/4] direct quickstart readers to ziti-doc --- changelogs/CHANGELOG.0.30.md | 2 +- dist/docker-images/ziti-controller/.env | 2 + .../ziti-controller/compose.override.yml | 3 + dist/docker-images/ziti-router/.env | 3 + doc/001-overview.md | 8 +- doc/002-local-dev.md | 10 -- quickstart/README.md | 140 +----------------- 7 files changed, 14 insertions(+), 154 deletions(-) create mode 100644 dist/docker-images/ziti-controller/.env create mode 100644 dist/docker-images/ziti-controller/compose.override.yml create mode 100644 dist/docker-images/ziti-router/.env diff --git a/changelogs/CHANGELOG.0.30.md b/changelogs/CHANGELOG.0.30.md index 31f5384d5..1ad35f644 100644 --- a/changelogs/CHANGELOG.0.30.md +++ b/changelogs/CHANGELOG.0.30.md 
@@ -43,7 +43,7 @@ Currently only HTTP Connect proxies which don't require authentication are suppo
 not create the usual edge router/service edge router policy.
 * [Issue #1397](https://github.com/openziti/ziti/issues/1397) - HTTP Proxy support for host.v1/host.v2 config types
 * [Issue #1423](https://github.com/openziti/ziti/issues/1423) - Controller crashes when edge router reconnects (Client Hello)
- * [Issue #1414](https://github.com/openziti/ziti/issues/1414) - Race condition in xgress_edge_tunnel tunneller at start but not seen in pre-compiled binary
+ * [Issue #1414](https://github.com/openziti/ziti/issues/1414) - Race condition in xgress_edge_tunnel tunneler at start but not seen in pre-compiled binary
 * [Issue #1406](https://github.com/openziti/ziti/issues/1406) - Entity change event dispatcher isn't shutting down properly when controller shuts down
 * [Issue #1382](https://github.com/openziti/ziti/issues/1382) - service failure costs are not shrinking over time
diff --git a/dist/docker-images/ziti-controller/.env b/dist/docker-images/ziti-controller/.env
new file mode 100644
index 000000000..a26307e74
--- /dev/null
+++ b/dist/docker-images/ziti-controller/.env
@@ -0,0 +1,2 @@
+ZITI_PWD=admin
+ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.127.0.0.1.sslip.io
diff --git a/dist/docker-images/ziti-controller/compose.override.yml b/dist/docker-images/ziti-controller/compose.override.yml
new file mode 100644
index 000000000..b15aabc00
--- /dev/null
+++ b/dist/docker-images/ziti-controller/compose.override.yml
@@ -0,0 +1,3 @@
+services:
+ ziti-controller:
+ network_mode: host
diff --git a/dist/docker-images/ziti-router/.env b/dist/docker-images/ziti-router/.env
new file mode 100644
index 000000000..aa610dbc1
--- /dev/null
+++ b/dist/docker-images/ziti-router/.env
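Review bot: The new `dist/docker-images/ziti-controller/.env` hunk commits a credential (`ZITI_PWD=admin`), and the `dist/docker-images/ziti-router/.env` hunk that follows commits a complete `ZITI_ENROLL_TOKEN` JWT; both look like local test state rather than files intended for a documentation change. PATCH 3/4 deletes them again, but unless the series is squashed before merge the values stay readable in history, so the token should be treated as disclosed and the enrollment it belongs to removed or re-issued. The advertised addresses in both files are `127.0.0.1.sslip.io` names and the token's `exp` claim appears to be already in the past, which limits the exposure. The cleaner fix is to drop these files from PATCH 2/4 altogether and add an ignore rule for `.env` under `dist/docker-images/` so local state cannot be staged again.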
@@ -0,0 +1,3 @@ +ZITI_ENROLL_TOKEN=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUyN2UwYzMwZjgyYTMwMmFmNzMzMDFiZmQwYjY5YjU4NTRlOTdmZmEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2N0cmwuMTI3LjAuMC4xLnNzbGlwLmlvOjEyODAiLCJzdWIiOiJ0ZVRaa0NZcjB4IiwiYXVkIjpbIiJdLCJleHAiOjE3MTI5NDkwMzEsImp0aSI6IjVkYjAyNzg3LThiYjYtNGI3Ny05ODdiLWUzYTUxNDRjMTBkMSIsImVtIjoiZXJvdHQiLCJjdHJscyI6bnVsbH0.ch5Dp-IVmqmn4u9OtILVaeDBvEeURU8Nh0KRXK_Z8ELwgu7yQO29s2zULHtj5AAVdl6tGkyln3UaUw2rnl-TcjSbRQ2NHDw4fcpLsHEuVZn648ppuDG0UosQJYJX8FSuvCxuUVot7mUaRXgqYbrdPfX8norOJp8f-ZG14i8MOZjR8JH2E1Ye__swH_BZCZ2QJxmaI8-TyCtzS6shbrIv2xWIG_2lscB3_9JGqcFk5f_jNrn0Dc2mXrMwF8xzeoo-erM_DyqTmq63X73fHIZKKZtJGOR58E-1QF77255hcGs7NrhSAl3EPWpYh-mMg9Y13vViT_ann_KFIpiHntKnPwQptmATjrAMhlAsHu0ZOlM1mV0divxJIznBsgr8ESeefWoXWMquctRdiM3l1-7tD37wtlbwGT36azt3ezZkbnjnu9NREZCFRvAyZ_lFrByKv2k7pZrxGrby4pbqeE-1hI1PZabpGiwpa4DK2BPmiUMFQnN557ZzvJXCRn6ucF2h5keLN6sfg0gRSUP32jVZbbJBLGTbmAxpPzLsvo6CPRAtuAoS1vt7E9teSPCiCsfYsm8KRqXhoEHVjqMFexdtIVpWjpKiwToxlP9tXKgqCEVFXRc0b0OM6N3OIuQSJMWocwFIH8JKiXC9_CG9_ZK9kd1XGVRdwCDpUC0pUsA2fg0 +ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.127.0.0.1.sslip.io +ZITI_ROUTER_ADVERTISED_ADDRESS=router1.127.0.0.1.sslip.io diff --git a/doc/001-overview.md b/doc/001-overview.md index ab88fce7c..1bf23faf1 100644 --- a/doc/001-overview.md +++ b/doc/001-overview.md @@ -49,7 +49,7 @@ Below is an outline of all the applications that are generated from this reposit The following binaries are used to deploy long running servers that route traffic and manage the configuration of a Ziti environment. -| Command | Description| +| Subcommand | Description| |-------------------| -----------| | ziti controller | Runs a central server necessary for Ziti environments| | ziti router | Runs a server capable of ingress'ing and egress'ing Ziti traffic standalone or as a mesh| 
@@ -58,7 +58,7 @@ configuration of a Ziti environment. The following commands provide utility or testing functionality. -| Command | Description| +| Subcommand | Description| |-------------------| -----------| | ziti edge enroll | Provides enrollment processing features for executables that do not directly support enrollment| | ziti fabric inspect | Observe Ziti Fabric runtime values | @@ -67,7 +67,7 @@ The following commands provide utility or testing functionality. The following binaries are used to configure and manage a Ziti environment via command line interactions. -| Command | Description| +| Subcommand | Description| |-------------------| -----------| | ziti fabric | Provides command line access to Ziti Fabric management features| | ziti edge | Provides command line access to Ziti management features| @@ -78,7 +78,7 @@ The following binaries are Ziti endpoint clients which have the Ziti SDK built i edge router. Endpoint clients can be application specific or act as a bridge to other applications, hosts, or underlay networks. -| Command | Description| +| Subcommand | Description| |-------------------| -----------| | ziti tunnel | Provides the ability to intercept traffic to route traffic across Ziti| diff --git a/doc/002-local-dev.md b/doc/002-local-dev.md index 25782443f..a4aa1fe0d 100644 --- a/doc/002-local-dev.md +++ b/doc/002-local-dev.md @@ -26,16 +26,6 @@ $ ziti version v0.0.0 ``` -## Save Build Artifact Elsewhere - -```bash -# build the binary without installing in GOPATH -go build -o ./build/ziti ./ziti/ - -# execute the binary -./build/ziti version -``` - ## Run a Local Ziti Stack Let's get a local Ziti stack up and running now that you have built and installed all the Ziti apps in this repo. diff --git a/quickstart/README.md b/quickstart/README.md index 156f1b73f..d7956bc3b 100644 --- a/quickstart/README.md +++ b/quickstart/README.md 
@@ -1,141 +1,3 @@ # Quickstart -This directory contains a set of scripts designed to make it easy to establish a starter overlay network. -The expectation is that these scripts and docker image are useful for learning or for establishing -simple networks. As with any solution it is common for additional changes to the configuration to be required -after expanding beyond the initial setup. - -There are three different modes contained in these folders. One mode allows you very quickly get setup and -run the two main components of a OpenZiti network: ziti-controller and ziti-router. The [Express](#express) -configuration will guide you here. - -The remaining two modes all use [docker](https://docs.docker.com/get-started/) to establish environments. -The first of the docker-based quickstarts uses [docker-compose](https://docs.docker.com/compose/). -You will find a fully defined OpenZiti Network in a compose file which should allow you to understand better -and learn how multiple routers can be linked to form a mesh network or serve as an initial -template to build your own compose file. - -Lastly, you can choose to run [docker](https://docs.docker.com/get-started/) directly. This mode is necessarily -more verbose but should you prefer to not use docker-compose it can also illustrate how to establish -an OpenZiti Network piece by piece. - -## Prerequisites - -### Bash - -All of these quickstarts will use bash. On MacOS/Linux this will be natural however on Windows you'll want -to ensure you have a suitable shell. There are numerous shells available but perhaps the simplest will be -to use [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/install-win10). You -might also use git-bash, Cygwin, or any other bash shell you fancy. 
- -### Docker/Docker Compose - -If you are interested in using the quickstarts which use docker/docker-compose you will clearly need to -have one or both installed and be moderately familiar with whichever you are using. - -### Review All Scripts - -Remember - it's always a good idea to review any scripts before you run them. We encourage you to review -the scripts in these folders before running them. - -## Express - -By far the easiest way to establish an environment quickly is to simply run the express install script -found at [./quickstart/docker/image/ziti-cli-functions.sh](). - -### What It Does - -The express install script will do quite a few things to get you bootstrapped. It will: - -1. create a full suite of configuration files located by default at ~/.ziti/quickstart/$(hostname) - 1. create a full suite of PKI - 1. create a config file for the controller - 1. create a config file for an edge router -1. download the latest distribution of Ziti from github.com/openziti/ziti/releases -1. unzip the distribution -1. start the controller and router in the background -1. expose the controller on https://$(hostname):1280 - -## Docker - Compose - -The [docker-compose](https://docs.docker.com/compose/) based example will create numerous `ziti-router`s -as well as spooling up a `ziti-controller` and expose the controller on port 1280. This configuration is intended to -look and feel like the following image: -![image info](./docker-compose-nw.svg) - -Here, a simple OpenZiti Network is shown which contains two public OpenZiti Edge Routers, one router without the "edge" enabled -and usable only for transit, and two private edge routers: one blue, one red. The goal with this setup is to attempt to -have a single isolated service that is not accessible from outside of the blue network (as best as possible with -only docker). - -## Docker - No Compose - -You can still start up a dev environment easily with [docker](https://docs.docker.com/get-started/) only. 
In this example, -you will start an OpenZiti Controller as well as a single OpenZiti Edge Router. - -### Prerequisite - -The Docker containers must be able to communicate with one another. This is accomplished using a Docker network and -setting the alias of the container on that Docker network. - -Before running the commands below please do the following: - - #declare a variable that defines the 'network' - zitinw="myZitiNetwork" - - #declare a fully qualified path to the location that you want your shared files to go and create it - zitinw_shared="${HOME}/.ziti/dockerenvs/${zitinw}" - mkdir -p "${zitinw_shared}" - - #make a docker network for isolation while allowing the parts to be able to interact - docker network create "$zitinw" - -### Starting the Containers - -To start the containers you can simply run these two commands in two different shells. (or choose to daemonize them -once you're ready to do so). Take special note of the initial variables used in these commands. The ${zitinw} variable -is expected to be set. See the Prerequisite section above: - -OpenZiti Controller: - - docker run -d --name "${zitinw}-controller" --volume "${zitinw_shared}":/openziti/shared -it --network="${zitinw}" --network-alias=ziti-controller --network-alias=ziti-edge-controller --rm openziti/quickstart /openziti/scripts/run-controller.sh - -OpenZiti Edge Router: - - routerName=edge-router; docker run -d --name "${zitinw}-${routerName}" --rm -e ZITI_ROUTER_NAME="${routerName}" --volume "${zitinw_shared}":/openziti/shared -it --network="${zitinw}" --hostname "${routerName}" --network-alias="${routerName}" --rm openziti/quickstart /openziti/scripts/run-router.sh edge - -## Releasing a new version of the Quickstart - -### Artifacts Produced by a Release - -The enclosing project's GitHub releases are never updated and no Git tags are created for a quickstart release. - -1. `openziti/quickstart` container image [in Docker Hub](https://hub.docker.com/r/openziti/quickstart) -1. 
a CloudFront Function in AWS pointing the `get.openziti.io` reverse proxy to the GitHub SHA of the release - -### Release Process - -A quickstart release is created when either of the following conditions are met: - -1. OpenZiti, the enclosing project, is released by the OpenZiti team -1. A pull request is merged into the trunk branch `release-next` with the label `quickstartrelease` - -### Release Machinery - -The release process is encoded in [a GitHub workflow](../.github/workflows/release-quickstart.yml). - -### GitHub Raw Reverse Proxy - -The `get.openziti.io` reverse proxy is a CloudFront distribution that points to a CloudFront Function and serves as a -shorter HTTP URL getter for raw GitHub source files, e.g. `https://get.openziti.io/dock/simplified-docker-compose.yml`. -The CloudFront Function is a JavaScript function that looks at the URI path of the incoming request and forwards it to -the appropriate GitHub raw download path. The CloudFront Function is updated by the release process, and the CloudFront -Distribution itself is hand-maintained in the AWS Console. The Distribution has these characteristics: - -* Viewer Domain Name: `get.openziti.io` (frontend) -* Route Origin: `raw.githubusercontent.com` (backend, upstream) -* Auto-renewing TLS certificate from ACM -* Cache Policy `CachingOptimized` (default) -* Routes to Origin based on Javascript Function deployed by quickstart release - -You can add or change a GitHub raw shortcut route by modifying the [routes.yml](../dist/cloudfront/get.openziti.io/routes.yml) file. +The Ziti quickstart documentation is here: [Ziti Network Quickstarts](https://openziti.io/docs/category/network). From 8b799fde6c907065cbfed92b4f2a4606a48caf67 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham
Date: Mon, 22 Apr 2024 17:14:37 -0400
Subject: [PATCH 3/4] prune extra files
---
 dist/docker-images/ziti-controller/.env | 2 --
 dist/docker-images/ziti-controller/compose.override.yml | 3 ---
 dist/docker-images/ziti-router/.env | 3 ---
 3 files changed, 8 deletions(-)
 delete mode 100644 dist/docker-images/ziti-controller/.env
 delete mode 100644 dist/docker-images/ziti-controller/compose.override.yml
 delete mode 100644 dist/docker-images/ziti-router/.env
diff --git a/dist/docker-images/ziti-controller/.env b/dist/docker-images/ziti-controller/.env
deleted file mode 100644
index a26307e74..000000000
--- a/dist/docker-images/ziti-controller/.env
+++ /dev/null
@@ -1,2 +0,0 @@
-ZITI_PWD=admin
-ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.127.0.0.1.sslip.io
diff --git a/dist/docker-images/ziti-controller/compose.override.yml b/dist/docker-images/ziti-controller/compose.override.yml
deleted file mode 100644
index b15aabc00..000000000
--- a/dist/docker-images/ziti-controller/compose.override.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-services:
- ziti-controller:
- network_mode: host
diff --git a/dist/docker-images/ziti-router/.env b/dist/docker-images/ziti-router/.env
deleted file mode 100644
index aa610dbc1..000000000
--- a/dist/docker-images/ziti-router/.env
+++ /dev/null
@@ -1,3 +0,0 @@
-ZITI_ENROLL_TOKEN=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUyN2UwYzMwZjgyYTMwMmFmNzMzMDFiZmQwYjY5YjU4NTRlOTdmZmEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2N0cmwuMTI3LjAuMC4xLnNzbGlwLmlvOjEyODAiLCJzdWIiOiJ0ZVRaa0NZcjB4IiwiYXVkIjpbIiJdLCJleHAiOjE3MTI5NDkwMzEsImp0aSI6IjVkYjAyNzg3LThiYjYtNGI3Ny05ODdiLWUzYTUxNDRjMTBkMSIsImVtIjoiZXJvdHQiLCJjdHJscyI6bnVsbH0.ch5Dp-IVmqmn4u9OtILVaeDBvEeURU8Nh0KRXK_Z8ELwgu7yQO29s2zULHtj5AAVdl6tGkyln3UaUw2rnl-TcjSbRQ2NHDw4fcpLsHEuVZn648ppuDG0UosQJYJX8FSuvCxuUVot7mUaRXgqYbrdPfX8norOJp8f-ZG14i8MOZjR8JH2E1Ye__swH_BZCZ2QJxmaI8-TyCtzS6shbrIv2xWIG_2lscB3_9JGqcFk5f_jNrn0Dc2mXrMwF8xzeoo-erM_DyqTmq63X73fHIZKKZtJGOR58E-1QF77255hcGs7NrhSAl3EPWpYh-mMg9Y13vViT_ann_KFIpiHntKnPwQptmATjrAMhlAsHu0ZOlM1mV0divxJIznBsgr8ESeefWoXWMquctRdiM3l1-7tD37wtlbwGT36azt3ezZkbnjnu9NREZCFRvAyZ_lFrByKv2k7pZrxGrby4pbqeE-1hI1PZabpGiwpa4DK2BPmiUMFQnN557ZzvJXCRn6ucF2h5keLN6sfg0gRSUP32jVZbbJBLGTbmAxpPzLsvo6CPRAtuAoS1vt7E9teSPCiCsfYsm8KRqXhoEHVjqMFexdtIVpWjpKiwToxlP9tXKgqCEVFXRc0b0OM6N3OIuQSJMWocwFIH8JKiXC9_CG9_ZK9kd1XGVRdwCDpUC0pUsA2fg0
-ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.127.0.0.1.sslip.io
-ZITI_ROUTER_ADVERTISED_ADDRESS=router1.127.0.0.1.sslip.io
From b9f8e1ca6cb3e51bc08fb54cd5007680375b627e Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Mon, 22 Apr 2024 17:22:21 -0400
Subject: [PATCH 4/4] restore the quickstart release part of the readme
---
 quickstart/README.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/quickstart/README.md b/quickstart/README.md
index d7956bc3b..93ce1bd89 100644
--- a/quickstart/README.md
+++ b/quickstart/README.md
@@ -1,3 +1,39 @@ # Quickstart The Ziti quickstart documentation is here: [Ziti Network Quickstarts](https://openziti.io/docs/category/network). + +## Releasing a new version of the Quickstart + +### Artifacts Produced by a Release + +The enclosing project's GitHub releases are never updated and no Git tags are created for a quickstart release. + +1. `openziti/quickstart` container image [in Docker Hub](https://hub.docker.com/r/openziti/quickstart) +1. a CloudFront Function in AWS pointing the `get.openziti.io` reverse proxy to the GitHub SHA of the release + +### Release Process + +A quickstart release is created when either of the following conditions are met: + +1. OpenZiti, the enclosing project, is released by the OpenZiti team +1. A pull request is merged into the trunk branch `release-next` with the label `quickstartrelease` + +### Release Machinery + +The release process is encoded in [a GitHub workflow](../.github/workflows/release-quickstart.yml). + +### GitHub Raw Reverse Proxy + +The `get.openziti.io` reverse proxy is a CloudFront distribution that points to a CloudFront Function and serves as a +shorter HTTP URL getter for raw GitHub source files, e.g. `https://get.openziti.io/dock/simplified-docker-compose.yml`. +The CloudFront Function is a JavaScript function that looks at the URI path of the incoming request and forwards it to +the appropriate GitHub raw download path. The CloudFront Function is updated by the release process, and the CloudFront +Distribution itself is hand-maintained in the AWS Console. 
The Distribution has these characteristics: + +* Viewer Domain Name: `get.openziti.io` (frontend) +* Route Origin: `raw.githubusercontent.com` (backend, upstream) +* Auto-renewing TLS certificate from ACM +* Cache Policy `CachingOptimized` (default) +* Routes to Origin based on Javascript Function deployed by quickstart release + +You can add or change a GitHub raw shortcut route by modifying the [routes.yml](../dist/cloudfront/get.openziti.io/routes.yml) file.